Infostealer infection attempts increased 58% in 2024.

Infostealer malware has tripled in prevalence.

Both infostealer infections and compromised credentials are on track to surpass 2024 figures, which saw over 4.3 million machines infected with approximately 330 million compromised credentials. This indicates a 24% increase YoY in these areas.

2.67 million machines were infected by infostealer malware in H1 2025. This led to more than 204 million compromised credentials being observed.

The theft of credentials via information-stealing malware has skyrocketed by 800% since the start of 2025.

Infostealers are projected to account for 35% of detected malware threats in 2025.

There has been a 156% increase in cyberattacks that target user logins, specifically attributed to info-stealing malware and advanced phishing kits.

Infostealer malware attacks have surged by 58% in Latin America.

Before disruption, Lumma Stealer activity in H1 2025 was higher than in H2 2024 (+21%).

Lumma Stealer is now the top type of malware and accounts for over 25% of recorded infostealer attacks worldwide.

Lumma Stealer accounts for over 50% of infostealer attacks on the US SLED sector.

Infostealer activity has surged by 266% in recent years.

FortiGuard Labs observed a 500% increase in the past year in logs available from systems compromised by infostealer malware.

The number of infostealers delivered via phishing emails per week increased by 84% year-over-year.

Early data from 2025 suggests an even greater increase of 180% of weekly infostealer volume compared to 2023.

Analysis of dark web data reveals listings of infostealer advertisements increased 12% in 2024 over the previous year.

There was a 12% year-over-year increase of infostealer credentials for sale on the dark web.

About one in every two corporate users was already the victim of an infostealer infection on a personal or corporate system in 2024.